Cisco Firewall :: 5510 / How To Ssh Directly From Home PC
Dec 3, 2012We have a Cisco Firewall 5510.When I VPN into the network, I have to rdp to a windows desktop in order to SSH into my linux boxes.how to ssh ditrectly from home PC.
View 3 Replies
ADVERTISEMENT
Home Network :: Connecting Directly To Modem?
Feb 8, 2011What I learned was it was bad to connect directly to the modem because you are left open to the internet. Currently my friend just got the internet and I told them to buy a router but they did not, and just have it directly connected to the modem. Is this fine, because they only have one computer, and it works fine for now, but wouldn't this be prone for attack?
View 3 Replies View RelatedHome Network :: Connect A Netgear FS605 Directly To ADSL Router
May 12, 2012I want to connect a Netgear FS605 directly to my ADSL router.However I find that this does not work unless I put my Netgear EN2005 Hub in between the Switch and the Router.The Hub is 10Mb/sec the switch 100Mb/s so I would like to eliminate the hub.
View 3 Replies View RelatedCisco Firewall :: Use ASA 5510 Smart Call Home Feature For Automatic Backup Creation By Email
Feb 10, 2013I am trying to use the built in feature of Cisco ASA 5510 smart call home feature with the purpose of automatic backup creation by email. I found the configuration [URL]. I already configured the said instructions but when I send a test email it says it cannot contact the email server. Below is the error that I am getting from our ASA. I am new to firewall.
OGI-MNL-ASA-FW0# call-home test profile ASA_Config_Backup
INFO: Sending test message to fcaccam@example.com...
ERROR: Connecting to SMTP server xxx.xx.xxx.xx failed: CONNECT_FAILED(33)
ERROR: Failed: CONNECT_FAILED(33)
Cisco :: Server Plugged Directly Into Firewall
Jan 31, 2011Can I directly plug a server into an inside interface in a firewall (Cisco ASA 5510). I'm just confirming that I don't need to have a switch between them.This is the only server behind the firewall.
View 2 Replies View RelatedCisco Firewall :: NAT To IP Address Not Directly Connected To PIX 515
Mar 27, 2012Can an ip address be NAT'ed to an ip address on a PIX 515 which isn't an ip address of a network directly connected to an interface on the PIX?
Specifically, can a host with an ip address of 150.140.102.3/26 which is connected to a network whose PIX firewall interface is 150.140.102.1/26 be NAT'ed to an ip address of 150.90.70.1/24 which is not a ip address of an interface that is directly connected to that same PIX 515?
I've attached a PDF depicting the network topology and describing the above.My first response to this question is that it can't be configured to do this, but need either a confirmation or correction to this.
Cisco Firewall :: ASA5505 / Pcs To Get Their IP Addresses Directly From DHCP Server?
Feb 7, 2012We have a Cisco 5505 ASA fireawll at a remote site. I can get the firewall to issue the IP addresses to the pc's, Is there a way for the pc's to get their IP addresses directly from our DHCP server?
View 3 Replies View RelatedCisco Firewall :: Can Upgrade Active / Standby Pair From 7.2(4) To 8.0(5)25 Directly
Jan 17, 2012Can I upgrade Active/standby pair from 7.2(4) to 8.0(5)25 directly or need to upgrade to 8.0.2/4 first? Upgrade an Active/Standby Failover ConfigurationComplete these steps in order to upgrade two units in an Active/Standby failover configuration:Download the new software to both units, and specify the new image to load with the boot system command.Refer to Upgrade a Software Image and ASDM Image using CLI for more information.Reload the standby unit to boot the new image by entering the failover reload-standby command on the active unit as shown below:active#failover reload-standbyWhen the standby unit has finished reloading and is in the Standby Ready state, force the active unit to fail over to the standby unit by entering the no failover active command on the active unit.active#no failover activeNote: Use the show failover command in order to verify that the standby unit is in the Standby Ready state.Reload the former active unit (now the new standby unit) by entering the reload command:newstandby#reloadWhen the new standby unit has finished reloading and is in the Standby Ready state, return the original active unit to active status by entering the failover active command:newstandby#failover activeThis completes the process of upgrading an Active/Standby Failover pair.
View 10 Replies View RelatedCisco Firewall :: ASA 5510 - Users Unable To Access Internet Through Firewall
Feb 26, 2013I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping 4.2.2.2 i dont get any reply.The runing config is below for ur ref :
HQ-ASA-01# show running-config
: Saved
:
[Code]......
Cisco Firewall :: ASA 5510 / Multiple VLANs Behind Single Firewall Segment?
Feb 5, 2012I need to create a firewalled segment that not only separates hosts from general population, but also from each other. The solitary confinement of firewalled segments.I know that I could create a bunch of sub-interfaces, one for each host or group that needs to be isolated, but I'd really rather not have to do that if possible. 1) It could become a management nightmare between ACLs and sub-interfaces and 2) it's a waste of IP addresses.s there any way that I can create a bunch of separate VLANs behind the firewall and have them all terminate at the firewall, using a single firewall IP address for the gateway?
VLAN 1 - hosts 1.1.1.5 and 1.1.1.6VLAN 2 - hosts 1.1.1.7
Firewall DMZ Interface - 1.1.1.1VLAN 3 - hosts 1.1.1.8 and 1.1.1.9
This way, the hosts are isolated and can't talk to each other unless they're on the same VLAN.I'm working with an ASA 5510 running 8.2.4(4).
Cisco Firewall :: ASA 5510 / Enabling Firewall To Send Logging Information?
Jun 22, 2011I have a ASA 5510 firewall with CSC module and Security Plus license for CSC module.Will you tell me how to configure my firewall to send emails to particular mail ID when someone login into the firewall or any virus attacks from outside.
View 6 Replies View RelatedCisco Firewall :: IOS Firewall Versus ASA (5505 / 5510) For Smaller Clients (less Than 50)?
Apr 24, 2012We were having a discussion of ios firewall vs. asa for smaller clients(less than 50). On using ios firewall(zbf or cbac)and an asa 5505/5510. One of the arguments brought up on using ios firewall on the router is that a router will do an ip sla failover. I have configured a number of isr's for this and i know it works good.
View 1 Replies View RelatedCisco Firewall :: Open A Port In ASA 5510 Firewall Using ASDM?
Oct 20, 2012I would just like to to open UDP port 123 in the ASA 5510 Firewall so that our Primary Domain Controller could use this port to sync time with an external time source. We have already added an access rule for this port under the firewall configuration in ASDM 6.4 and this port was also allowed in the inbound and outbound rule of the PDC's Firewall but it seems that it was still blocked.
View 23 Replies View RelatedCisco Firewall :: Is ASA 5510 Firewall Required Any Subscription Or License
Nov 15, 2012I am quite new to firewall, in my company one asa 5510 firewall is there.I configured inside, outside, dns, dhcp and nating.I need to config bandwidth limit (1Mbps) for inside port and I restruct like facebook, youtube and pornsites..And I heard that some subscription is required, really is it required?
View 1 Replies View RelatedCisco Firewall :: 5510 - Cannot Connect To ASA With ASDM Or SSH - Firewall Running Ok
May 21, 2013I have an ASA 5510 in a live environment. Up til a short while ago I could access this via the ASDM and ssh. However I can no longer connect to it via eithier. When I access It via SSH I get a disclaimer saying the following
*** You have entered a restricted zone! Authorized access only!!! Disconnect immediately if you are not authorized user! ***
It then cuts me off.
When I try to access the ASDM I get the following
The firewall is running all its services without a problem and I can ping the device without any issues. Also none of the config (to my knpowledge has been changed). I set up a console session and http server enable is still there with
http 192.168.200.0 255.255.255.0 inside
Cisco Firewall :: 5510 Major Flaw In Identity Firewall?
Nov 21, 2011I have just configured identity firewall on our ASA 5510.I have 3 nodes that authenticates against Active Directory, using the Windows Server 2008 R2 builtin Network Policy Server: A laptop, a stationary PC, and a Android Phone. All 3 nodes are authenticated using the same user/password.
Now, in ASDM -> Monitoring -> Properties -> Identity -> Users, I can see two of the nodes with my user name attached to it, namely the laptop and the stationary PC.But not the Android phone.
Then it dawned on me. To set up the ADAgent properly, you have to apply 2 group policy entries. Unfortunately, those 2 entries are applied to the Computer Configuraton part of the Group Policy.This means that your COMPUTER has to be a member of your domain for USER IDENTITY to work.So my Android phone and other nodes not a member of the AD Machine Store will never be detected by identity rules, and can roam the network free.
Cisco Firewall :: 5510 - Transparent Firewall Installation Using ASA Version 8.4(3)9
May 14, 2012 I'm trying to install an ASA 5510 transparent firewall using ASA version 8.4(3)9 but I don't understand how traffic will ever pass through my firewall if both interfaces are on the same sub net(V lan) as the host and it's default gateway? The reason I'm doing this is were installing UAG (or Direct Access) and the UAG appliance need to have public IP's but still be behind a firewall (see attached diagram).
Looking at the documentation (which all seems to be for 5505's running 8.2) it almost seems like i need to have the transparent firewall 'in-line' to the ISP router?, but this router services another IP address range on another v lan for other (routed) firewalls (not shown on diagram) so putting it 'in-line' is not possible. Surely this can't be the case can it? If not how is it supposed to be cabled up and configured so packets go through the firewall?
Cisco Firewall :: 5510 / Swap ASA SSM-10 From Dead Firewall?
Mar 20, 2013I currenty have 2 cisco 5510 firewalls one of the firewals is completly dead but contains a Cisco ASA SSM-10 can i remove this card and just place it into a working unit, will i have any problems doing so.
View 1 Replies View RelatedCisco Firewall :: Unable To See Interface On ASA 5510 Firewall?
Jul 29, 2012I am unable to see 4th interface on my firewall i.e fastether0/3 on my firewall ASA 5510.
Below is the output.
ciscoasa# sh int ip br Interface IP-Address OK? Method Status Protocol Ethernet0/0 x.x.x.x YES CONFIG up up Ethernet0/1 x.x.x.x YES CONFIG up up Ethernet0/2 unassigned YES unset administratively down down Internal-Control0/0 127.0.1.1 YES unset up up Internal-Data0/0 unassigned YES unset up up Management0/0 192.168.1.1 YES CONFIG up up
Cisco Firewall :: How To Configure Firewall Access For ASA 5510
Nov 4, 2012This is my first time to use the Cisco ASA 5500 family. I have a request from a user to create an access rule, to allow all LAN traffic to Destination IP address 165.241.29.17, 165.241.31.254 with Destination TCP port 5060,5061,5070 and UDP port 50000-52399.
View 9 Replies View RelatedCisco Firewall :: Open Ports On Firewall ASA 5510
Apr 18, 2012We have setup new ip camera system and as per our vendor to access the camera from outside we need to open,TCP ports and in firewall and forward to our camera server.
Let say our public ip address is 207.114.111.22 and our local ip address for the camera is 11.11.1.30. We have cisco asa 5510.
Cisco Firewall :: ASA 5510 Firewall Is In Transparent Mode
Apr 10, 2013We've in our company a Cisco Asa 5510 v8.4(3), Asdm 6.4(7) and a SSM-CSC-10-K9. The firewall is in transparent mode. I get an exchange 2003 SP2 server behind. When users trying to send mailing lists with many recipients (above 300), the Exchange server didn't send these mails. I'm pretty sure that this problem come from the ASA Firewall, because when I plug my server directly on my Internet Connection, the mailing list is sent. I've search on the web, and disable "ESMTP Inspection", but it didn't work. [code]
View 4 Replies View RelatedCisco Firewall :: 5510 Firewall Running With IOS
Jul 26, 2012I have CISCO 5510 firewall running with IOS ASA821-k8.bin.My company has purchased another ASA5510 with IOS ASA843-k8.bin.We need to run both firewalls in Active/Standby mode.
If I upgrade the IOS of old firewall to ASA843-k8.bin the the running configurations does not work properly.It does not pick the network objects and NAT rules as they are configured with OLD IOS and running.
Or if I restore the configurations of old firewall at New ASA the result is worst. Even firewall with new IOS does not show any Access Rule and NAT rule and does not supprt network objects.
Cisco Firewall :: ASA5505 - Setting Up For Home DSL Use?
Mar 4, 2012I have a cisco asa 5505 firewall, and I have a normal home ADSL broadband router, the router currently connects via wireless to my pc.What I would like to do is basically connect the asa to my pc, then my router to my firewall.what the best thing to do here, run the aa in transparent mode, OR routed mode and do NAT on the firewall to the private ip address range of my router.
OR, would it be possible to get the outside interface of my asa to get DHCP from my broadband router so it will use a 192.168.1.x address on the outside, and then turn NAT off?
Cisco Firewall :: To Use ASA 9.0 On 5510
Oct 31, 2012So I loaded the shiny new ASA 9.0(1) on a test/dev cluster of 5510's with the SecPlus license.In 8.4.4 (or maybe 8.4.3?) new password-policy commands were introduced, which allowed for very granular password policies for local users. This appears to be gone in 9.0.1. Is this by design? These commands met certain compliance regulations. EIGRP is supported in multiple context mode now, however the contexts dont appear to form EIGRP neighborships with each other on a shared interface. I did issue the mac-address auto command in system mode if that matters. All contexts do form EIGRP neighborships with a regular IOS device, however routes are still not propegated from CTX1 to CTX2, 3, etc.It's entirely possible I'm doing something wrong, this is my first stab at multiple contexts, or its possible this doesnt work by design?
View 4 Replies View RelatedCisco VPN :: ASA 5510 - VPN With Firewall
Jun 5, 2012I am using ASA5510 as firewall and vpn is configured. Inside my office i have two networks one with 10.X.X.X and 192.X.X.X . My inside firewall interface configured with 10.X.X.X network.
When I connect from outside using VPN client I can access 10.X.X.X network but other network I can't access.How can I make it.
Cisco Firewall :: ASA 5510 - How To Get Around GUI
Jul 11, 2012Good tutorial video or site for the ASA 5510s?how to get around the GUI; adding rules.
View 4 Replies View RelatedCisco Firewall :: NAT On ASA 5510 8.2
Aug 15, 2011I am facing some issues on static NAT,after my IOS upgrade from 7.2(3)
I am getting some peculiar error
%ASA-6-302013: Built inbound TCP connection 654734 for dmz:172.19.19.141/27685 (172.19.19.141/27685) to inside:192.168.16.250/3389 (172.19.22.91/3389)
%ASA-6-302014: Teardown TCP connection 654734 for dmz:172.19.19.141/27685 to inside:192.168.16.250/3389 duration 0:00:00 bytes 0 TCP Reset-I
Configuration
static (inside,dmz) 172.19.22.91 192.168.16.250 netmask 255.255.255.255
access-group dmz_in in interface dmz
access-list dmz_in extended permit ip host 172.19.19.141 host 172.19.22.91
I am trying to access a machine in Inside from Dmz
interface Ethernet0/2
nameif dmz
security-level 50
interface Ethernet0/1
nameif inside
security-level 100
Home Network :: Upgrading - Will It Need Firewall
Oct 8, 2011I am upgrading my home network, I am running cat 5 cables all around my house. currently I have a comcast cable modem and a netgear router. I will have about 20 cables coming in to my office (all the network equipment is already there) I know I will need a switch but I am not sure what kind. I will be upgrading my wireless router to a much better one, should I have the router get its internet connection from the switch or have the switch get the connection from the router. Will I need a firewall? I also have a web and ftp server running behind the router? how should I connect my server?
View 4 Replies View RelatedCisco Firewall :: ASA 5505 Configuration For Home Network
Sep 4, 2012I've been trying to configure a cisco ASA 5505 for my home network but I'm not having much joy with it. I've looked at countless guides, tutorials and followed the ASA setup wizard in ASDM. The Cisco 1841 is running sub-interfaces for my VLAN's.
View 4 Replies View RelatedCisco Firewall :: 871 Setup Small Home Network With ASA
Oct 28, 2011I would like to setup a small home network with an ASA firewall and an 871 router for testing purpose so I can get familar with the ASA commands and concepts. Is there sample config I can be pointed to?
View 2 Replies View RelatedCisco Firewall :: ASA 5510 DMZ Configuration?
Dec 26, 2011I have a Cisco ASA 5510 connected to 2 private lans (1 for my HQ pc's{inside} and 1 for the worldwide mpls{outside}) It is also connected to the public internet at interface "public" and my dmz at "dmz" interface. I suspect I have a routing issue because packet-trace yields allow, the nat looks ok and the objects look ok at least to me but I'm the one with the non working config so...Basically this is the desired flow:
1. I need all traffic from the inside to be able to flow to the outside unimpeded as they are both trusted networks. (this is ok right now as I allow everything via access-list 101.)
2. I need any host on the public internet to be able to reach a server on the dmz via the pat which I set up from the "public" interface to the "DMZ" interface. The desired flow would be that the person on the internet types in [URL] and this is directed to the public interface ip which forwards to the webserver object on the dmz. (I cannot get this working any which way)
3. I need the dmz to be able to communicate with another server on the mpls via the "outside" interface when it recieves the request from the public it then checks with this other server on the outside via nat(translating the dmz range into the ip of the outside interface on the firewall)I have a default route that points to the mpls or outside interface for 0.0.0.0 0.0.0.0 via 10.x.x.1 - (and although I'm not sure I suspect this could be conflicting with traffic that needs to be sent to the "public" interface .... meaning that the firewall should dump packets bound for 0.0.0.0 0.0.0.0 to the public interface - 184.x.x.194 but I'm very reluctant to change the default route as this is in production and I'm not sure how it will affect traffic).However, I do suspect that if I changed the route from default to static as such:
route 10.0.0.0 255.0.0.0 10.x.x.1 (this would get all lan and mpls traffic to the mpls gateway) route 0.0.0.0 0.0.0.0 184.x.x.193 (this would send everything else from public to the public internet gateway)I think this is accurate but then I would bypassing my corporate internet proxy which is behind the mpls gateway at 10.x.x.1? Is there a way to get http traffic originating from the lan (10.x.x.x) to use the mpls gateway and http traffic for the dmz to use the public internet gateway at 184.x.x.193. I don't want to start causing a flow problem for the internet nor do I want to bypass my corp internet proxy.Either way I cannot get this to work, eventhough the logic checks out, I cannot get even a ping response when I allow icmp any any for testing. Note: I can ping resources on each network from the firewall, not only it's own ports in the associated network but other resources on those networks as well.
Here is the running-config:
ciscoasa# sho run
: Saved
:
ASA Version 8.4(1)
!
hostname ciscoasa
domain-name marcjacobs.lvmh
[code].....
Cisco Firewall :: ASA 5510 - Cannot Access To Dmz From Outside
Jun 26, 2012I have a new ASA 5510 firewall, the objective is to set up a DMZ zone. my problem is I can't access to the web server in the DMZ from outside
DMZ ==========> outside OK
INSIDE ==========> DMZ OK
DMZ ============> Inside OK
OUTSIDE ==========> DMZ NOK "FAIL"
I put in attachment the running-config file.